Professional Documents
Culture Documents
Network Protocols/Mobile IP
Motivation Problems
Data transfer Micro mobility support
Encapsulation DHCP
Security Ad-hoc networks
IPv6 Routing protocols
8.1
Motivation for Mobile IP
Routing
based on IP destination address, network prefix (e.g. 129.13.42)
determines physical subnet
change of physical subnet implies change of IP address to have a
topological correct address (standard IP) or needs special entries in the
routing tables
Specific routes to end-systems?
change of all routing table entries to forward packets to the right destination
does not scale with the number of mobile hosts and frequent changes in
the location, security problems
Changing the IP-address?
adjust the host IP address depending on the current location
almost impossible to find a mobile system, DNS updates take to long time
TCP connections break, security problems
8.2
Requirements to Mobile IP (RFC 3344, was: 3220, was: 2002)
Transparency
mobile end-systems keep their IP address
continuation of communication after interruption of link possible
point of connection to the fixed network can be changed
Compatibility
support of the same layer 2 protocols as IP
no changes to current end-systems and routers required
mobile end-systems can communicate with fixed systems
Security
authentication of all registration messages
Efficiency and scalability
only little additional messages to the mobile system required (connection
typically via a low bandwidth radio link)
world-wide support of a large number of mobile systems in the whole
Internet
8.3
Terminology
Mobile Node (MN)
system (node) that can change the point of connection
to the network without changing its IP address
Home Agent (HA)
system in the home network of the MN, typically a router
registers the location of the MN, tunnels IP datagrams to the COA
Foreign Agent (FA)
system in the current foreign network of the MN, typically a router
forwards the tunneled datagrams to the MN, typically also the
default router for the MN
Care-of Address (COA)
address of the current tunnel end-point for the MN (at FA or MN)
actual location of the MN from an IP point of view
can be chosen, e.g., via DHCP
Correspondent Node (CN)
communication partner
8.4
Example network
HA
MN
router
end-system router
8.5
Data transfer to the mobile system
HA
2
MN
FA foreign
network
8.6
Data transfer from the mobile system
HA
1 MN
FA foreign
network
receiver
8.7
Overview
COA
router
home router MN
FA
network HA
foreign
Internet network
CN router
3.
home router router
2. MN
network HA FA
4.
foreign
Internet network
1.
CN router
8.8
Network integration
Agent Advertisement
HA and FA periodically send advertisement messages into their
physical subnets
MN listens to these messages and detects, if it is in the home or a
foreign network (standard case for home network)
MN reads a COA from the FA advertisement messages
Registration (always limited lifetime!)
MN signals COA to the HA via the FA, HA acknowledges via FA to MN
these actions have to be secured by authentication
Advertisement
HA advertises the IP address of the MN (as for fixed systems), i.e.
standard routing information
routers adjust their entries, these are stable for a longer time (HA
responsible for a MN over a longer period of time)
packets to the MN are sent to the HA,
independent of changes in COA/FA
8.9
Agent advertisement
0 7 8 15 16 23 24 31
type code checksum
#addresses addr. size lifetime
router address 1
preference level 1
router address 2
preference level 2
...
type = 16
length = 6 + 4 * #COAs type = 16 length sequence number
R: registration required registration lifetime R B H F M G r T reserved
B: busy, no more registrations COA 1
H: home agent COA 2
F: foreign agent ...
M: minimal encapsulation
G: GRE encapsulation
r: =0, ignored (former Van Jacobson compression)
T: FA supports reverse tunneling
reserved: =0, ignored
8.10
Registration
MN re FA HA MN re HA
gist gist
requ ration requ ration
es t e st
regi
s
requ tration
est
tion
stra
regi
y
n repl
i s t ratio
reg
repl
y t
n
i st ratio
reg
y
repl
8.11
Mobile IP registration request
0 7 8 15 16 23 24 31
type = 1 S B DMG r T x lifetime
home address
home agent
COA
identification
extensions . . .
S: simultaneous bindings
B: broadcast datagrams
D: decapsulation by MN
M mininal encapsulation
G: GRE encapsulation
r: =0, ignored
T: reverse tunneling requested
x: =0, ignored
8.12
Mobile IP registration reply
0 7 8 15 16 31
type = 3 code lifetime
home address
home agent
identification
Example codes: extensions . . .
registration successful
0 registration accepted
1 registration accepted, but simultaneous mobility bindings unsupported
registration denied by FA
65 administratively prohibited
66 insufficient resources
67 mobile node failed authentication
68 home agent failed authentication
69 requested Lifetime too long
registration denied by HA
129 administratively prohibited
131 mobile node failed authentication
133 registration Identification mismatch
135 too many simultaneous mobility bindings
8.13
Encapsulation
8.14
Encapsulation I
8.15
Encapsulation II
8.16
Generic Routing Encapsulation
original
original data
header
GRE original
outer header original data
header header
8.17
Optimization of packet forwarding
Triangular Routing
sender sends all packets via HA to MN
higher latency and network load
“Solutions”
sender learns the current location of MN
direct tunneling to this location
HA informs a sender about the location of MN
big security problems!
Change of FA
packets on-the-fly during the change can be lost
new FA informs old FA to avoid packet loss, old FA now forwards
remaining packets to new FA
this information also enables the old FA to release resources for the MN
8.18
Change of foreign agent
CN HA FAold FAnew MN
Data Data
MN changes
location
Update Registration
ACK
Data
Data Data
Warning
Request
Update
ACK
Data
Data
t
8.19
Reverse tunneling (RFC 3024, was: 2344)
HA
2
MN
FA foreign
network
1. MN sends to FA
3 2. FA tunnels packets to HA
CN by encapsulation
3. HA forwards the packet to the
receiver (standard case)
receiver
8.20
Mobile IP with reverse tunneling
8.21
Mobile IP and IPv6
Mobile IP was developed for IPv4, but IPv6 simplifies the protocols
security is integrated and not an add-on, authentication of registration is
included
COA can be assigned via auto-configuration (DHCPv6 is one candidate),
every node has address autoconfiguration
no need for a separate FA, all routers perform router advertisement which
can be used instead of the special agent advertisement; addresses are
always co-located
MN can signal a sender directly the COA, sending via HA not needed in
this case (automatic path optimization)
„soft“ hand-over, i.e. without packet loss, between two subnets is
supported
MN sends the new COA to its old router
the old router encapsulates all incoming packets for the MN and forwards them
to the new COA
authentication is always granted
8.22
Problems with mobile IP
Security
authentication with FA problematic, for the FA typically belongs to another
organization
no protocol for key management and key distribution has been
standardized in the Internet
patent and export restrictions
Firewalls
typically mobile IP cannot be used together with firewalls, special set-ups
are needed (such as reverse tunneling)
QoS
many new reservations in case of RSVP
tunneling makes it hard to give a flow of packets a special treatment
needed for the QoS
Security, firewalls, QoS etc. are topics of current research and
discussions!
8.23
Security in Mobile IP
8.24
IP security architecture I
IP-Header
IP header
Encapsulation Authentification-Header
authentication
Security Payload header UDP/TCP-Paket
UDP/TCP data
protects confidentiality between communication partners
8.25
IP security architecture II
8.26
Key distribution
FA MH
response:
EHA-FA {session key}
HA EHA-MH {session key}
8.27
IP Micro-mobility support
Micro-mobility support:
Efficient local handover inside a foreign domain
without involving a home agent
Reduces control traffic on backbone
Especially needed in case of route optimization
Example approaches:
Cellular IP
HAWAII
Hierarchical Mobile IP (HMIP)
Important criteria:
Security Efficiency, Scalability, Transparency, Manageability
8.28
Cellular IP
Operation:
„CIP Nodes“ maintain routing Internet
entries (soft state) for MNs
Multiple entries possible Mobile IP
Routing entries updated based
CIP Gateway
on packets sent by MN data/control
CIP Gateway: packets
Mobile IP tunnel endpoint from MN 1
Initial registration processing
Security provisions:
BS BS BS
all CIP Nodes share packets from
„network key“ MN2 to MN 1
MN key: MD5(net key, IP addr)
MN1 MN2
MN gets key upon registration
8.29
Cellular IP: Security
Advantages:
Initial registration involves authentication of MNs
and is processed centrally by CIP Gateway
All control messages by MNs are authenticated
Replay-protection (using timestamps)
Potential problems:
MNs can directly influence routing entries
Network key known to many entities
(increases risk of compromise)
No re-keying mechanisms for network key
No choice of algorithm (always MD5, prefix+suffix mode)
Proprietary mechanisms (not, e.g., IPSec AH)
8.30
Cellular IP: Other issues
Advantages:
Simple and elegant architecture
Mostly self-configuring (little management needed)
Integration with firewalls / private address support possible
Potential problems:
Not transparent to MNs (additional control messages)
Public-key encryption of MN keys may be a problem
for resource-constrained MNs
Multiple-path forwarding may cause inefficient use of available bandwidth
8.31
HAWAII (Handoff Aware Wireless Access Internet Infrastructure)
Operation:
MN obtains co-located COA
1
and registers with HA Internet
2
Handover: MN keeps COA, HA
new BS answers Reg. Request
3 Backbone
and updates routers
4 Router
MN views BS as foreign agent
Crossover
Security provisions: Router
MN-FA authentication mandatory 2
Challenge/Response Extensions 4 Mobile IP
mandatory
BS BS BS DHCP
Server
Mobile IP
3
MN MN DHCP
1
8.32
HAWAII: Security
Advantages:
Mutual authentication and C/R extensions mandatory
Only infrastructure components can influence routing entries
Potential problems:
Co-located COA raises DHCP security issues
(DHCP has no strong authentication)
Decentralized security-critical functionality
(Mobile IP registration processing during handover)
in base stations
Authentication of HAWAII protocol messages unspecified
(potential attackers: stationary nodes in foreign network)
MN authentication requires PKI or AAA infrastructure
8.33
HAWAII: Other issues
Advantages:
Mostly transparent to MNs
(MN sends/receives standard Mobile IP messages)
Explicit support for dynamically assigned home addresses
Potential problems:
Mixture of co-located COA and FA concepts may not be
supported by some MN implementations
No private address support possible
because of co-located COA
8.34
Hierarchical Mobile IPv6 (HMIPv6)
Operation:
Network contains mobility anchor point (MAP)
mapping of regional COA (RCOA) to link COA Internet
(LCOA) HA
Upon handover, MN informs
MAP only RCOA
gets new LCOA, keeps RCOA MAP
HA is only contacted if MAP
changes
binding AR AR
update
Security provisions:
LCOAnew LCOAold
no HMIP-specific
security provisions MN MN
binding updates should be
authenticated
8.35
Hierarchical Mobile IP: Security
Advantages:
Local COAs can be hidden,
which provides some location privacy
Direct routing between CNs sharing the same link is possible (but might be
dangerous)
Potential problems:
Decentralized security-critical functionality
(handover processing) in mobility anchor points
MNs can (must!) directly influence routing entries via binding updates
(authentication necessary)
8.36
Hierarchical Mobile IP: Other issues
Advantages:
Handover requires minimum number
of overall changes to routing tables
Integration with firewalls / private address support possible
Potential problems:
Not transparent to MNs
Handover efficiency in wireless mobile scenarios:
Complex MN operations
All routing reconfiguration messages
sent over wireless link
8.37
DHCP: Dynamic Host Configuration Protocol
Application
simplification of installation and maintenance of networked computers
supplies systems with all necessary information, such as IP address, DNS
server address, domain name, subnet mask, default router etc.
enables automatic integration of systems into an Intranet or the Internet,
can be used to acquire a COA for Mobile IP
Client/Server-Model
the client sends via a MAC broadcast a request to the DHCP server (might
be via a DHCP relay)
DHCPDISCOVER
DHCPDISCOVER
server client
client relay
8.38
DHCP - protocol mechanisms
selection of configuration
DHCPREQUEST DHCPREQUEST
(reject) (options) confirmation of
configuration
DHCPACK
initialization completed
release
DHCPRELEASE delete context
8.39
DHCP characteristics
Server
several servers can be configured for DHCP, coordination not yet
standardized (i.e., manual configuration)
Renewal of configurations
IP addresses have to be requested periodically, simplified protocol
Options
available for routers, subnet mask, NTP (network time protocol) timeserver,
SLP (service location protocol) directory,
DNS (domain name system)
8.40
Mobile ad hoc networks
A B C
8.41
Solution: Wireless ad-hoc networks
Examples
Single-hop: All partners max. one hop apart
Bluetooth piconet, PDAs in a room,
gaming devices…
8.42
Manet: Mobile Ad-hoc Networking
Mobile
Router
Manet
Mobile
Devices
Mobile IP,
DHCP
Fixed
Network
8.43
Problem No. 1: Routing
N4 N4
N5 N5
time = t1 time = t2
good link
weak link
8.44
Traditional routing algorithms
Distance Vector
periodic exchange of messages with all physical neighbors that contain
information about who can be reached at what distance
selection of the shortest path if several paths available
Link State
periodic notification of all routers about the current state of all physical links
router get a complete picture of the network
Example
ARPA packet radio network (1973), DV-Routing
every 7.5s exchange of routing tables including link quality
updating of tables also by reception of packets
routing problems solved with limited flooding
8.45
Routing in ad-hoc networks
Reasons
Classical approaches from fixed networks fail
Very slow convergence, large overhead
High dynamicity, low bandwidth, low computing power
8.46
Problems of traditional routing algorithms
8.47
DSDV (Destination Sequenced Distance Vector)
Early work
on demand version: AODV
8.48
Dynamic source routing I
Discover a path
only if a path for sending packets to a certain destination is needed and no
path is currently available
Maintaining a path
only while the path is in use one has to make sure that it can be used
continuously
8.49
Dynamic source routing II
Path discovery
broadcast a packet with destination address and unique ID
if a station receives a broadcast packet
if the station is the receiver (i.e., has the correct destination address) then return
the packet to the sender (path was collected in the packet)
if the packet has already been received earlier (identified via ID) then discard
the packet
otherwise, append own address and broadcast packet
sender receives packet with the current path (address list)
Optimizations
limit broadcasting if maximum diameter of the network is known
caching of address lists (i.e. paths) with help of passing packets
stations can use the cached information for path discovery (own paths or paths
for other hosts)
8.50
DSR: Route Discovery
Sending from C to O P R
C
G Q
B I
E
K M O
A
H
D L
F J N
8.51
DSR: Route Discovery
Broadcast P R
[O,C,4711]
C
[O,C,4711] G Q
B I
E
K M O
A
H
D L
F J N
8.52
DSR: Route Discovery
P R
[O,C/G,4711]
C
G [O,C/G,4711] Q
[O,C/B,4711]
B I
E
K M O
A
[O,C/E,4711] H
D L
F J N
8.53
DSR: Route Discovery
P R
C
G Q
[O,C/G/I,4711]
B I
E
K M O
A
H
[O,C/E/H,4711]
[O,C/B/A,4711] D L
F J N
[O,C/B/D,4711]
(alternatively: [O,C/E/D,4711])
8.54
DSR: Route Discovery
P R
C
G Q
[O,C/G/I/K,4711]
B I
E
K M O
A
H
D L
F J N
[O,C/E/H/J,4711]
[O,C/B/D/F,4711]
8.55
DSR: Route Discovery
P R
C
G Q
[O,C/G/I/K/M,4711]
B I
E
K M O
A
H
D L
F J N
[O,C/E/H/J/L,4711]
(alternatively: [O,C/G/I/K/L,4711])
8.56
DSR: Route Discovery
P R
C
G Q
B I
E
K M O
A
H
D L
F J N
[O,C/E/H/J/L/N,4711]
8.57
DSR: Route Discovery
P R
C
G Q
Path: M, K, I, G
B I
E
K M O
A
H
D L
F J N
8.58
Dynamic Source Routing III
Maintaining paths
after sending a packet
wait for a layer 2 acknowledgement (if applicable)
listen into the medium to detect if other stations forward the packet (if possible)
request an explicit acknowledgement
if a station encounters problems it can inform the sender of a packet or
look-up a new path locally
8.59
Interference-based routing
N1
N2
R1
S1 N3
N4
N5 N6 R2
S2
N8 N9
N7
neighbors
(i.e. within radio range)
8.60
Examples for interference based routing
8.61
A plethora of ad hoc routing protocols
Flat
proactive
FSLS – Fuzzy Sighted Link State
FSR – Fisheye State Routing
OLSR – Optimised Link State Routing Protocol
TBRPF – Topology Broadcast Based on Reverse Path Forwarding
reactive
AODV – Ad hoc On demand Distance Vector
DSR – Dynamic Source Routing
Hierarchical
CGSR – Clusterhead-Gateway Switch Routing
HSR – Hierarchical State Routing
LANMAR – Landmark Ad Hoc Routing
ZRP – Zone Routing Protocol
Geographic position assisted
DREAM – Distance Routing Effect Algorithm for Mobility
GeoCast – Geographic Addressing and Routing
GPSR – Greedy Perimeter Stateless Routing
LAR – Location-Aided Routing
8.62
Further difficulties and research areas
Auto-Configuration
Assignment of addresses, function, profile, program, …
Service discovery
Discovery of services and service providers
Multicast
Transmission to a selected group of receivers
Quality-of-Service
Maintenance of a certain transmission quality
Power control
Minimizing interference, energy conservation mechanisms
Security
Data integrity, protection from attacks (e.g. Denial of Service)
Scalability
10 nodes? 100 nodes? 1000 nodes? 10000 nodes?
Integration with fixed networks
8.63
Clustering of ad-hoc networks
Internet
Cluster head
Base station
Cluster
Super cluster
8.64
The next step: Wireless Sensor Networks (WSN)
Differences to MANETs
Applications: MANET more powerful, more general Example:
WSN more specific www.scatterweb.net
Devices: MANET more powerful, higher data rates, more resources
WSN rather limited, embedded, interacting with environment
Scale: MANET rather small (some dozen devices)
WSN can be large (thousands)
Basic paradigms: MANET individual node important, ID centric
WSN network important, individual node may be dispensable, data
centric
Mobility patterns, Quality-of Service, Energy, Cost per node …
8.65
A typical WSN
SN SN
GW Bluetooth
SN GW
SN SN
SN SN
SN SN
SN
GW
GW SN
WL SN
Eth
P RS A N
G
ern
et
8.66
Example: ScatterWeb Sensor Nodes
8.67
Example: ScatterWeb Gateways
USB
Simple Integration PC world
Enables over-the-air programming
either point-to-point or broadcast
including reliable multi-hop
Ethernet
RJ45 Adapter for 10/100 Mbit/s
Power-over-Ethernet (802.3af)
Standard Internet protocols (IP, TCP, HTTP, HTTPS, ARP, DHCP)
Integrated Web server providing applets for sensor net control
Secure access of ScatterWeb from any browser on the net
All-in-one
WLAN, Ethernet, Bluetooth,
GPS, GSM/GPRS, USB, serial…
8.68
Sensor Networks: Challenges and Research Areas
Self-configuring networks
Routing
Data aggregation
Localization
8.69
Routing in WSNs is different
Sink
8.70
Energy-aware routing
Only sensors with sufficient energy forward data for other nodes
Example: Routing via nodes with enough solar power is considered “for
free”
8.71
Solar-aware routing
Solar-powered node
Send status updates to neighbors
Either proactive or when sniffing ongoing traffic
Have neighbor nodes reroute the traffic
8.72
Example: Software for controlling a sensor network
8.73
Today’s WSNs
8.74